package com.handa.admin.common.config;


import com.handa.admin.userservice.common.security.filter.TokenAuthenticationFilter;
import com.handa.admin.userservice.common.security.service.MyTokenService;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    private final MyTokenService tokenService;
    @Value("${spring.security.url.permitAll}")
    private String permitUrl;

    public SecurityConfig(MyTokenService tokenService) {
        this.tokenService = tokenService;
    }

    @Override
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        String[] permits;
        if (StringUtils.isNotBlank(permitUrl)) {
            permits = permitUrl.split(",");
        } else {
            permits = new String[]{};
        }
        httpSecurity.authorizeRequests()
                .antMatchers("/swagger-ui/**",
                        "/v2/api-docs/**",
                        "/doc.html",
                        "/swagger-resources/**",
                        "/webjars/**",
                        "/api-docs"
                )
                .permitAll()
                .antMatchers("/ws/**").permitAll()
                .antMatchers("/sse/**").permitAll()
                .antMatchers("/**").permitAll()
                .antMatchers(permits).permitAll()
                .anyRequest().authenticated()
                .and().csrf().disable();  // 关闭csrf防护

        TokenAuthenticationFilter tokenAuthenticationFilter = new TokenAuthenticationFilter(tokenService);
        httpSecurity.addFilterBefore(tokenAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
    }

    //忽略websocket拦截
    @Override
    public void configure(WebSecurity webSecurity) {
        webSecurity.ignoring().antMatchers(
                "/ws/**"
        );
    }

    @Bean
    public BCryptPasswordEncoder bCryptPasswordEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Bean
    public AuthenticationManager authenticationManager(AuthenticationConfiguration authenticationConfiguration) throws Exception {
        return authenticationConfiguration.getAuthenticationManager();
    }
}
